By Mike Ranellone. Posted January 16, 2020.
How do you use Microsoft® Active Directory®? If you run a Windows-based organization with AD tightly integrated into everything you do, it may be providing great value. But if you’ve moved on to modern IT resources such as cloud infrastructure, web applications, Mac® and Linux® machines, and more, when you really think about it, is AD just an expensive database for you?
Before you protest that AD is the tie that binds everything together in your organization, hear us out and take a closer look at your IAM setup:
- How are you managing your Mac and Linux systems? Are you manually managing user access while paying for a third-party system management solution?
- What about iPhones and Android devices: an MDM solution?
- Are your web applications controlled through a single sign-on (SSO) solution or IDaaS product?
- Do compliance reports come through an audit and governance solution?
- What about MFA/2FA? Yet another add-on?
As these costs add up, it’s worth taking a closer look at AD’s role.
Overpaying for Active Directory
For many organizations, the identity and access management approach places Active Directory at the center, but then a plethora of additional solutions cover for areas that aren’t part of AD’s focus or expertise. This leads to a jarring realization: With those add-ons doing most of the heavy lifting, is AD just an expensive database? If you’re really just storing identities within the identity provider, unable to leverage its legacy capabilities for active management, you could be overpaying for an underutilized service. Might there be a more cost-effective and strategic way to solve the challenges of controlling user access to IT resources?
Let’s look at two approaches to squeezing more value out of your directory. In the first approach, we’ll consider a way to strengthen Active Directory for organizations that do rely on some of its more advanced functions. In the second approach, we’ll consider a modern alternative directory service. Both approaches retain and enhance AD’s core functions of user and system management, while expanding management capabilities to modern cloud-based and non-Windows resources. Both options also have the potential to consolidate your collection of third-party AD add-ons.
Maximizing the Value of Your Active Directory Database
Maybe Active Directory isn’t just a database for your organization. You might be using GPOs for your Windows machines, so you have more than one area of need for AD. It might also be authenticating users to on-prem apps via LDAP or networks via RADIUS. Is there a way you can keep AD around but simplify the overall approach?
A single, universal AD extension could handle the job of querying the database and negotiating trust between modern IT resources and the domain controller. It could also potentially eliminate many AD instances at remote office locations. Here’s how it could maximize AD’s value:
- Keep Active Directory as the central database for all user identities — including Mac and Linux users.
- Provide GPO-like management functions for Mac and Linux systems.
- Restore the kind of centralized control once afforded by on-prem AD through cloud-based LDAP, RADIUS, and SAML SSO.
- Eliminate Active Directory instances across your infrastructure, reducing the need for a WAN.
- Consolidate a patchwork of third-party add-ons into one cost-effective solution.
An Active Directory Database Alternative
If Active Directory is starting to look like little more than an expensive database for your organization, we have good news: There’s a modern approach to identity and access management that could be an excellent option for those who aren’t taking full advantage of AD or have outgrown what AD can offer. An alternative, cloud-based directory service could phase out AD altogether, replacing it with a more secure, efficient, and cost-effective way to store and verify user identities.
More importantly, this type of alternative directory helps centralize access management, giving admins the tools they need to efficiently provision groups of users to a wide variety of modern cloud resources and the legacy and on-prem resources they still rely on. The entire directory database is hosted securely in the cloud, so there’s no on-prem hardware to configure or update. This new cloud directory is OS- and auth protocol-agnostic, meaning it can connect a user to virtually any IT resource, from workstations to web apps. You can even automate migration of users and systems from AD. If replacing Active Directory with a modern solution that’s more than just a database sounds appealing, learn more about cloud directory services.